| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
| |
Centralise the specification of the default ssloptions to make the code
clearer and more testable.
Change-Id: I4f4bae72736dd063ee4cd64c6375e82d0600a105
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
|
| |
|
|
|
|
|
|
|
|
| |
Since recently QSslCertificate::serialNumber() always returns the
hexadecimal format, so we need to adapt to that when checking the
serial numbers for the blacklisted certificates.
Change-Id: I43bdb1be77faad7ad79a835c896fc39477452e75
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |
|
|
|
|
|
|
|
| |
... and only resolve the functions when the methods are available.
SSL 2 functionality is not always available in OpenSSL anymore.
Change-Id: Ia3178685b26c67ac55447476789e06710b596181
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
|
| |
|
|
|
|
|
|
|
| |
This property is no longer necessary because we can now set the user
agent directly on the proxy.
Task-number: QTBUG-17223
Change-Id: I27cb126dd401f02525290d2317650f55cae9f4ef
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The API is the same that is present on QNetworkRequest class. Since
these are HTTP headers, this only affects proxies of type HttpProxy and
HttpCachingProxy.
This was created as a general solution to the problem pointed out in
QTBUG-19569(some proxies only accept request with specific User Agents).
In the same way that there are cases where setting the User Agent is
desired there might be reasons to set other headers, hence the support
for any header.
Change-Id: Ifd04f34d29eedb6c2a3f0b50708244996b12a123
Task: QTBUG-19569
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
|
| |
|
|
|
|
|
|
|
|
| |
There's no real reason for the typedef here, QtNetwork
will compile without it and it might conflict with
openssl.
Change-Id: Id352ccc98d84ca9ee9ea3c7b4a942382882173f1
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |
|
|
|
|
|
| |
This is done on systems other than Windows or Mac.
Change-Id: I631ea350cb9bc123edc6df33b6f661afa8f0778b
Reviewed-by: Arvid Picciani <arvid.picciani@nokia.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There is a bug in CFSocket/CFRunLoopSource in OS X 10.7 which can lead to a deadlock
in CFRunLoopRemoveSource or CFRunLoopSourceInvalidate if the CFSocket manager thread
is concurrently calling CFSocketInvalidate as a result of the socket's file descriptor
having been closed.
QLocalServer::close() triggers this race by closing the socket fd before unregistering
the QSocketNotifier, which internally uses CFSocket.
This commit fixes the problem by changing the ordering in close() so that the socket notifier
is disabled before closing the file descriptor. This change also makes QLocalServer::close()
perform operations in reverse order to QLocalServer::listen(), as would be expected.
Task-number: QTBUG-22789
Merge-request: 1470
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@nokia.com>
(cherry picked from commit a9c3f7169faf4621d39714f753d6e8b376c5d6e5)
Change-Id: Ia9c3f7169faf4621d39714f753d6e8b376c5d6e5
|
| |
|
|
|
|
|
|
|
| |
defined.
Merge-request: 2690
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@nokia.com>
(cherry picked from commit 4245a82a3eed3ec21b6affc5836af5b2ad2d42e4)
Change-Id: I4245a82a3eed3ec21b6affc5836af5b2ad2d42e4
|
| |
|
|
|
|
|
|
|
|
| |
The handling of QSslOptions is complicated not only by the subject, but
also by the fact that some of the openssl directives are negatives. This
commit tries to separate the inherent complexity from the complexity of
the api by allowing us to test them independently.
Change-Id: Ieb9386c69dd9b0b49dc42e26b2878a301f26ded1
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
|
| |
|
|
|
|
|
|
| |
"qsslconfiguration.cpp:204:73: warning: suggest parentheses around
comparison in operand of ‘|’ [-Wparentheses]"
Change-Id: I887ffdf3ef8263c35a8f391b3fc97faee41b7dab
Reviewed-by: Martin Petersson <Martin.Petersson@nokia.com>
|
| |
|
|
|
| |
Change-Id: I259b5fde8e4d75d28def8650c4c9208accdf0bbe
Reviewed-by: Rohan McGovern <rohan.mcgovern@nokia.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This is a source-incompatible change.
TlsV1 is ambiguous; what is actually meant is TLS version 1.0. There are
also TLS versions 1.1 and 1.2; we might want to add options for these
once OpenSSL supports them (apparently they will be with OpenSSL version
1.0.1).
Change-Id: I940d020b181b5fa528788ef0c3c47e8ef873796a
Reviewed-by: Lars Knoll <lars.knoll@nokia.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
This commit adds the ability to perform legacy SSL renegotiation as
a fallback via QSsl::SslOptions. This is something that used to work,
but has been disabled by default in newer versions of openssl. The
need for this has been reported by users (eg. in QTBUG-14983).
Change-Id: I5b80f3ffd07e0c5faddc469f6a8f857bac5740f7
Reviewed-by: Corentin Chary <corentin.chary@gmail.com>
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
|
| |
|
|
|
|
|
|
|
| |
In Qt 4.x the serial number is reported by a mixture of the hex value
and the number, The hex is what is used by other tools, and we should do
the same.
Change-Id: Ia0361d43fb5b920d053c95e932e0c8a012436e5e
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
that server was found out not to support HTTP pipelining.
tested manually; for more information see the task.
Change-Id: I9120e8be1a9a05f39f99752d6426c92fa3d093f2
(cherry picked from commit ec6d7694f72498d1b156bb0ae8d305e01931f7b2)
Reviewed-by: Markus Goetz
Task-number: QTBUG-21369
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
| |
|
|
|
|
|
|
| |
removes several files and cleans up the code, removing all Symbian
specific #ifdef's etc.
Change-Id: Ie457e54cb4b3a992f251383320d47822259c38f1
Reviewed-by: Lars Knoll <lars.knoll@nokia.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Currently isValid wrongly gives the impression it checks a certificate
for validity - it doesn't. It merely checks if the certificate dates
are valid and if the certificate is blacklisted. Since it's already
easy for users to check the dates, let's just give them access to the
ability to check for blacklisting.
Change-Id: I25be3bde6a01063034702a9574b28469bf4882cd
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Two problems:
- The signal cacheCredidentials was not connected in the synchronous
case while it must be connected. (Regression when the threaded http
was merged)
- We cannot cache the credidentials when we proceed the url because
at that point, we do not know the realm (this basically reverts
9bc5a32b875b812c3a706034c8c27614f86bd138)
Task-number: QTBUG-18411
Change-Id: I8ea11fa23db4314c3f17ed06d2d7f9ee934ccdba
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
... as did browser vendors.
Tested manually with affected CA certificates.
Reviewed-by: Richard J. Moore <rich@kde.org>
(cherry picked from commit e1d6df4e5931ee49b4b68dd5a33146f5639268b7)
Change-Id: I5bf6c147abf6d2de0f313d65faa2d9a1e9684cea
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
|
| |
|
|
|
|
|
|
|
|
| |
... by adding a new class QSslCertificateExtension and methods in
QSslCertificate to support extensions. This is needed e.g. for OCSP
(checking revocation status of a certificate) or Extended Validation
certificates.
Change-Id: I5c5d9513fa640cd487786bb9a5af734afebd0828
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The Proxy-Connection header is a non standard header, but is widely
used so forming a de-facto standard.
Some proxies use the official Connection header, so we should check
for that in responses. Otherwise https connections over http proxy
fail in case the proxy sends "Connection: close" with the 407 reply.
Task-number: QTBUG-22177
Change-Id: If6cfa4ebb7ac9d97d65b6ddcc8257aee20ac0448
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
|
| |
|
|
|
|
|
|
| |
(cherry picked from commit 9d5c920bb23b949a0b98f1268679a0a2c06dd1d9)
Change-Id: Id99040051afe97bca3b1a8e4e3ae5a4c7f617cc9
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
Reviewed-by: Richard J. Moore <rich@kde.org>
|
| |
|
|
|
|
|
|
| |
Symbian is no longer a supported platform.
Change-Id: Ifcb2e05661b16acc6307a4ccfaa42586750734c1
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
|
| |
|
|
|
|
|
|
|
| |
This should be API-compatible with Qt 4, but is not ABI-compatible, due to
removing the enum from QUdpSocket.
Task-number: QTBUG-121
Change-Id: I967968c6cb6f96d3ab1d6300eadd5bde6154b300
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
| |
|
|
|
|
|
|
|
| |
This should have always been the case, as it simply makes sense, but the
upcoming moving of binding to QAbstractSocket will require this for autotesting.
Change-Id: Ieef70196616227e7914c76fff5388a4068c36efb
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
|
| |
|
|
|
| |
Change-Id: Ide409d72d2637b68ec2a85aaca4bc783a7e911e7
Reviewed-by: Bradley T. Hughes <bradley.hughes@nokia.com>
|
| |
|
|
|
| |
Change-Id: Ia7ef1a8e01001f203e409c710c977d6f4686342e
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
| |
|
|
|
|
|
| |
It was originally added to keep compatibility with the bearer management module from Qt Mobility, and no longer needed in Qt 5.
Change-Id: I187494e02a71c3d39a52f8c0bd4d0c7cc23d0b4b
Reviewed-by: Aaron McCarthy <aaron.mccarthy@nokia.com>
|
| |
|
|
|
|
|
|
| |
the generic systemProxyForQuery will use http_proxy from the
environment, if it is set.
Change-Id: Ie685c47eb6df1fdd2ab223defc7172bb25e6fe30
Reviewed-by: Thiago Macieira (Intel) <thiago.macieira@intel.com>
|
| |
|
|
|
|
|
|
|
|
| |
Various places in QtNetwork checked for Localhost or LocalHostIPv6,
i.e. 127.0.0.1 or ::1. By using the isLoopback API, other loopback
addresses are treated the same way (e.g. 127.0.0.2 and ::ffff:127.0.0.1)
Task-number: QTBUG-22246
Change-Id: I46f55630d8646fd68034a509969a0b7cb72ca77c
Reviewed-by: Thiago Macieira (Intel) <thiago.macieira@intel.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The standard IPv4 loopback address is 127.0.0.1, however anything in
the 127.0.0.0/8 range is also a loopback address.
isLoopback returns true for any address that is in the IPv4 loopback
address range, or is the single IPv6 loopback address ::1
Task-number: QTBUG-22246
Change-Id: Ic39100e2e97a52db700e01b109998a1cfd4335e3
Reviewed-by: Thiago Macieira (Intel) <thiago.macieira@intel.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
QAtomicInt has a constructor, so QBasicAtomicInt needs to be used
instead to allow compile time initialisation.
Task-Number: QTBUG-20343
Reviewed-By: Olivier Goffart
(cherry picked from commit 29495592d27505feff024d574e1333809794c304)
Change-Id: Ia531c74f47daa86ba24a1b01bee36ddb1101af11
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Certain FTP servers refuse the SIZE command in ASCII mode (proftpd)
or refuse the SIZE command in ASCII mode for large files.
This is a security feature, as the SIZE command requires reading
the whole file and counting line ends which can cause denial of
services. In binary mode, the file size on disc is reported, which
is a relatively quick operation.
Qt had two problems here:
1. when size command fails, the total size was reported as -1,
whereas the documentation of QFtp::dataTransferProgress states
it should be reported as 0 (so that QProgressDialog can display
a wait note rather than progress bar)
2. SIZE command was sent before setting the type of the transfer
to ASCII / Binary. This is a problem as the size reported by
the server is incorrect. Also it usually means sending ASCII
SIZE for Binary transfers, which results in the 550 error on
FTP servers with DOS protection.
Task-Number: QTTH-1428
Reviewed-By: Peter Hartmann
(cherry picked from commit 72bf6105214bfc26cff33632f7f4bdeed9cdf362)
Change-Id: Ie1f356c34d6a04362eaca64befb00788f85c0ccb
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
There are lots of buggy SSL servers around and to connect to them you
need to disable various features. This commit adds the ability to
disable the SSL ticket extension, the ability to disable the insertion
of empty fragments, and the ability to disable compression.
Task-number: QTBUG-21906
Change-Id: I3e1d0347a46e9030b889bbf15b2aad19b8513b73
Merge-request: 68
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
|
| |
|
|
|
| |
Change-Id: I85139e0334b648bee0d18129cef9387dcc6c3222
Reviewed-by: Jerome Pasion <jerome.pasion@nokia.com>
|
| |
|
|
|
| |
Change-Id: I592936859f6932fcd1aa47f0617ba9f8efee86dc
Reviewed-by: Friedemann Kleint <Friedemann.Kleint@nokia.com>
|
| |
|
|
|
| |
Change-Id: I05f114dcb1c43a98c416d02b3e764dcb40d56e09
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
startHostInfoLookup will try to detect if IPv4 or IPv6 will be used
when connecting to the host. If a proxy is set we should lookup
the proxy hostname instead, in case host name can't be resolved
via DNS and should be resolved by the proxy.
Task-number: QTBUG-21889
Change-Id: I2012798784fc40f153469a1298e261c52981297e
Reviewed-on: http://codereview.qt-project.org/6447
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
Reviewed-by: Shane Kearns <shane.kearns@accenture.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When two threads construct a QNetworkAccessManager at exactly the
same time on an SMP system, there are construction races for some
Q_GLOBAL_STATIC data. This is normal and expected - the losing
thread deletes its instance as part of the Q_GLOBAL_STATIC macro.
For QNetworkAccessBackendFactoryData, a guard mechanism intended
to prevent the data being reconstructed by destructors of other
global static classes was being set by the loser.
To fix this, the bool is changed to a QAtomicInt. In the normal
case, it will have value 0->1 on startup and 1->0 on shutdown.
In the race case, it will have values 0->1->2->1 on startup and
1->0 on shutdown.
Task-Number: QTBUG-20343
Change-Id: Ie3fe38944d10809d1ccdbe772df82d67faffe19c
Reviewed-on: http://codereview.qt-project.org/6181
Sanity-Review: Qt Sanity Bot <qt_sanity_bot@ovi.com>
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
|
| |
|
|
|
|
|
| |
Change-Id: I51bb0c52eb32d9d672d115f31b16d414f81708e2
Reviewed-on: http://codereview.qt-project.org/6433
Sanity-Review: Qt Sanity Bot <qt_sanity_bot@ovi.com>
Reviewed-by: Frederik Gladhorn <frederik.gladhorn@nokia.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The current code was meant to be a thread-safe initialisation that
also ran a couple of extra steps. But it wasn't. While it's ok to call
qAddPostRoutine(), the call to updateConfigurations() was
thread-unsafe. It is possible that another thread got the pointer to
the Private before updateConfigurations() finished.
So instead protect the initialisation with a mutex.
It's possible that the value of the pointer becomes visible to
other processors before the other contained values, so use
atomics here.
To call qAddPostRoutine safely from the main thread, use the trick
of deleteLater() (which is thread-safe) in another thread connecting
to a slot.
Change-Id: If9bab88138755df95a791f34b0be8684207979d7
Reviewed-on: http://codereview.qt-project.org/5028
Reviewed-by: Qt Sanity Bot <qt_sanity_bot@ovi.com>
Reviewed-by: Bradley T. Hughes <bradley.hughes@nokia.com>
Reviewed-by: Lars Knoll <lars.knoll@nokia.com>
|
| |
|
|
|
|
|
|
|
|
| |
Merge-request: 1339
Reviewed-by: Joerg Bornemann <joerg.bornemann@nokia.com>
Change-Id: Id1f977ad8f746ac848c355880cac688e256721d8
Reviewed-on: http://codereview.qt-project.org/6145
Reviewed-by: Qt Sanity Bot <qt_sanity_bot@ovi.com>
Reviewed-by: Joerg Bornemann <joerg.bornemann@nokia.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
QHttpNetworkReply was waiting for a body to be sent for 401 and 407
responses, whereas with a HTTP HEAD request, there will be no body.
This delayed the authentication signal until after the http channel
is closed by the server after a timeout. For example with the server
used for autotesting, the authentication signal is delayed 15 seconds.
When the server has a very long timeout, the authentication signal may
not be emitted at all.
Task-Number: QT-5304
Reviewed-By: Martin Petersson
(cherry picked from commit 8610ee14b8636641651a8ba6040cca16c4141ed6)
Change-Id: Ie4ce6c598df86ce59910f793fd5ae7c1ccf39f9d
Reviewed-on: http://codereview.qt-project.org/6032
Reviewed-by: Qt Sanity Bot <qt_sanity_bot@ovi.com>
Reviewed-by: Martin Petersson <Martin.Petersson@nokia.com>
|
| |
|
|
|
|
|
| |
Change-Id: I6b6d86097074a12c9c4e3d22fe61a6b962ffa21e
Reviewed-on: http://codereview.qt-project.org/5627
Reviewed-by: Qt Sanity Bot <qt_sanity_bot@ovi.com>
Reviewed-by: Friedemann Kleint <Friedemann.Kleint@nokia.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The QHttpNetworkConnectionPrivate::errorDetail is supposed to return a
translated string, which is then set as the QNetworkReply error.
The current code incorrectly uses QT_TRANSLATE_NOOP,
which mark the strings for translation, but does not translate them.
The result is that even with a translator loaded those strings are
written in English.
Fixes QTBUG-18382.
Merge-request: 2671
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@nokia.com>
(cherry picked from commit 434686a926a2a6e71f3cdea2508898b7800f7c81)
Change-Id: I8673cef7671d41106f50b75e78394916f3b720c9
Reviewed-on: http://codereview.qt-project.org/4691
Reviewed-by: Qt Sanity Bot <qt_sanity_bot@ovi.com>
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@nokia.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Merge-request: 1206
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@nokia.com>
(cherry picked from commit eb61f612fea1b76fe01ee237e5bd160f66aeca3d)
Conflicts:
src/declarative/debugger/qdeclarativedebugserver.cpp
Change-Id: I8ff647b1e331b0c855a8f63d16a4f3cacd8e436c
Reviewed-on: http://codereview.qt-project.org/4567
Reviewed-by: Qt Sanity Bot <qt_sanity_bot@ovi.com>
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@nokia.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
and do not only check leaf certificates, but all intermediates and
the root. Tested manually with the cross-signed intermediates.
Change-Id: I860dc9b568bc244abc9228486dbb374a1a2b47c4
Reviewed-by: Richard J. Moore <rich@kde.org>
(cherry picked from commit 64adbd0c5775f97343afbe0e7b5fde0d70bdaedd)
Reviewed-on: http://codereview.qt.nokia.com/4291
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
... to reduce the possibility of blacklisting valid certificates that
happen to have the same serial number as a blacklisted one, which is
unlikely, but possible.
Reviewed-by: Richard J. Moore <rich@kde.org>
(cherry picked from commit 6b1a8129623e3716f2fc075608b260ce7c381fe2
and adapted to the source incompatible change)
Change-Id: If714c34f6ce028032eee6d68f34d088b6ad5a0cc
Reviewed-on: http://codereview.qt.nokia.com/3895
Reviewed-by: Qt Sanity Bot <qt_sanity_bot@ovi.com>
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
|
| |
|
|
|
|
|
|
|
|
| |
Merge-request: 48
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
Change-Id: Ia5ac3239e6f378f930cb299a5711aa98dbb2f418
Reviewed-on: http://codereview.qt.nokia.com/4012
Reviewed-by: Qt Sanity Bot <qt_sanity_bot@ovi.com>
Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com>
|
